Quadrooter vulnerability affects nearly 1 billion Snapdragon powered Android devices
About one billion Android phones and tablets are affected by one to four flaws found in Android phones powered by Snapdragon chipsets. One flaw found with this vulnerability called Quadrooter, can even affect the new BlackBerry DTEK50. The latter has been called "the most secure Android phone in the world" by BlackBerry. Check Point, the security firm that discovered Quadrooter, says that other handsets like the Nexus 5X, Nexus 6, Nexus 6P, HTC One M9, HTC 10, Samsung Galaxy S7 and Samsung Galaxy S7 edge can be attacked. Phones that are affected are powered by the Snapdragon chipset.
For a user's phone to be attacked, he or she would have to be tricked into installing a malicious app onto their handset. No special permissions are required to install it, and affected phones can be completely controlled by the hacker. For this to happen, the hacker must successfully exploit one of the four flaws thus giving him (or her) root access to the phone. Once that is accomplished, the invader gains access to the camera, microphone, data and all of the remaining hardware.
Qualcomm says that between April and July, it fixed all of the flaws and sent out patches to partners, customers, and those in the open source community. Those patches have been included in the monthly security update sent out by Google to Nexus models, and rolled out by other manufacturers to their own phone and tablet creations.
Because one of the patches wasn't ready in time to be included in the August update, one of the remaining flaws remains vulnerable. That patch is expected to be sent out with the September update that will go out just after next month starts. Since Qualcomm has sent out patches directly to its manufacturing partners, some of them could send out the the last fix before Google's September update.
source: ZDNet
Even the DTEK50, called the most secure Android phone in the world by BlackBerry, is vulnerable
Because one of the patches wasn't ready in time to be included in the August update, one of the remaining flaws remains vulnerable. That patch is expected to be sent out with the September update that will go out just after next month starts. Since Qualcomm has sent out patches directly to its manufacturing partners, some of them could send out the the last fix before Google's September update.
According to Michael Shaulov, head of mobility product management at Check Point, "No-one at this point has a device that's fully secure. That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google."
source: ZDNet
Things that are NOT allowed: